Comments on: Configuring dot1x http://communitystring.com/2009/09/configuring-dot1x/ My personal CCIE study notes for the Routing & Switching track Tue, 06 Dec 2011 02:37:55 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Bradley http://communitystring.com/2009/09/configuring-dot1x/comment-page-1/#comment-24 Bradley Mon, 05 Oct 2009 09:46:25 +0000 http://communitystring.com/?p=350#comment-24 Hey Roland, many of the sites in our network have implemented dot1x for the wireless clients, its setup so they can travel to institutions throughout the world and still use the same credentials and is pretty successful www.eduroam.org The biggest barrier we have found to deployment is sites understanding the technology, apart from the problem you described with changing VLANs the technology seems ready for prime time. Hey Roland, many of the sites in our network have implemented dot1x for the wireless clients, its setup so they can travel to institutions throughout the world and still use the same credentials and is pretty successful http://www.eduroam.org

The biggest barrier we have found to deployment is sites understanding the technology, apart from the problem you described with changing VLANs the technology seems ready for prime time.

]]> By: Roland http://communitystring.com/2009/09/configuring-dot1x/comment-page-1/#comment-23 Roland Sat, 03 Oct 2009 21:27:53 +0000 http://communitystring.com/?p=350#comment-23 802.1x is a great tool with a poor OS support. I'm experiencing problems with WinXP clients and DHCP: the client gets an IP address from unauth VLAN and when the authentication completes it keeps the old ip address in the new vlan so a ipconfig /release and /renew is needed. I'm using WinXP SP2 and SP3 with the same results. The client-side problems are a big issue in implementing 802.1x, I had to pause the whole project. Other dot1x clients fix that problem but it's hard to tell the customer to buy a new client and install it in >1000 clients when EAP is supposed to be a OS feature free of charge. What's your experience? 802.1x is a great tool with a poor OS support. I’m experiencing problems with WinXP clients and DHCP: the client gets an IP address from unauth VLAN and when the authentication completes it keeps the old ip address in the new vlan so a ipconfig /release and /renew is needed. I’m using WinXP SP2 and SP3 with the same results. The client-side problems are a big issue in implementing 802.1x, I had to pause the whole project. Other dot1x clients fix that problem but it’s hard to tell the customer to buy a new client and install it in >1000 clients when EAP is supposed to be a OS feature free of charge. What’s your experience?

]]> By: appelmoes http://communitystring.com/2009/09/configuring-dot1x/comment-page-1/#comment-22 appelmoes Fri, 25 Sep 2009 04:58:20 +0000 http://communitystring.com/?p=350#comment-22 try dot1x port-control auto aaa authentication dot1x default group radius and not DistSwitch(config)#aaa authentication login default line try

dot1x port-control auto

aaa authentication dot1x default group radius

and not

DistSwitch(config)#aaa authentication login default line

]]>